Hello EH.net, I’m a long time lurker, first time poster. I have been reading EH.net for some time now and the folks here seem extremely knowledgeable, talented and friendly (which is hard to find nowadays with the anonymity that the internet provides).

A little about me

I have been working as a Linux admin for the past 6 years. I have a bachelor’s degree in CompSci (2003) and a master’s in NetSec (2008), which I have not really been able to use at my current position, excluding the hardening of infrastructure and catching, cleaning up and stopping attacks, etc. I have a decent understanding of networking and Linux. I can understand and program a little in C, C++, Perl and Bash. I am also currently working my way through udacity.com CS101 and CS262 in order to gain some Python knowledge.

Questions

For 2013, I have made it a goal of mine to find a job as a pen tester (net/web) and would love some advice from everyone here on how to make the move from Linux admin into security. So my questions to the community are:

1) Which certs are a must have for someone with my background in order to break into this field?

I’m definitely going for the OSCP, since it just seems like it would be a blast.

2) How should I prepare for the OSCP? I would like to be as ready as possible for the class so I can spend 90% of my time in the labs instead of taking 1 month to go over all the material and then only having 1 month for the labs.

3) Which books are a must read for anyone in this field and to prepare for the certs you suggest in question 1?

I'm going to be brief with my responses because these types of questions have already been answered dozens of times elsewhere, and I encourage you to review those other threads because there's a wealth of information in them.

Job: It will probably be more realistic to land a full-time security position in 2013 than a pen testing position. You may get lucky, but your best course of action will probably be to ease into it a bit more. Landing a position that has the possibility of some internal pen testing activities will greatly help you get into a full-time pen testing position as well.

Certs: You don't need any. If you have demonstrable skills, you can get by without them. The OSCP is great, and the OSCE beyond that. OffSec also has a new web app course/cert that will hopefully be available sometime around the end of the year. SANS/GIAC GWAPT, GPEN, and GCIH are nice ones to have as well. Of course, the CISSP satisfies a check box for many places and helps you get past HR filtering.

OSCP: Most people are short on Linux experience, so you're probably in a better starting place than most. You'll learn the most by experimenting in the labs, so as long as you're comfortable with Linux, Windows, and networking, go for it. Reading through that book list of yours would certainly put you ahead of the curve though. Unless you have a lot of time to dedicate to the labs, you'll probably be best off registering for 90 days at the onset. 60 was a bit tight for me, and I compromised about 80-85% of the systems.

Books: Popular ones you're missing are Counter Hack Reloaded, the official Nmap book, and the Wireshark book. The Coding for Penetration Testers book is a nice one as well. That one helps you think outside the box and take control yourself, as opposed to just showing you how to use tools.

Skills: Besides the obvious, http://www.thehackeracademy.com/the-key ... n-testers/ and excellent writing skills. I spend about a third of my time writing reports. Internal QA and your clients do not want to suffer through poor grammar, usage, or spelling. Speaking skills to a lesser extent. I typically conduct a 30-60 minute exit interview at the conclusion of an engagement. As long as you can convey critical findings and corrective measures to a few people of varying technical levels, you'll be fine. Check out something like Toastmasters if you feel weak here.

First of all, I want to say something about Linux: I think it's great for you to know it, because all hackers need it, so you'll have no problem with that. Also, because of that Linux background and the other experience you've described, you don't need to learn network basics either.

But another thing which I always recommend is virtualization. I don't know if you know it or not, but you will need to work with at least VirtualBox; however, if you learn the concepts and VMware, it will be better.

The next thing which I want to recommend you learn is programming, which is extremely necessary for exploitation. I suggest you learn assembly, Python and HTML (it's so easy!).

About OSCP, I'm planning to get it next year, and all I know about it is that it's very hard and much better than CEH! You can find good info about it on OffSec's website.

Thanks for the great reply and all the info. You have eased some of my fears about the OSCP. In regards to the other classes Offensive Security offers, I do plan on taking the OSWE and then the OSCE once I feel I'm ready. From all the research I have done, they definitely seem like they are the best classes out there ATM.

About one of the books that you mentioned. Is Counter Hack Reloaded still relevant since it was written in 2005, or would something like the new Hacking Exposed be a better read?


adroc wrote: Hello ajohnson, About one of the books that you mentioned. Is Counter Hack Reloaded still relevant since it was written in 2005, or would something like the new Hacking Exposed be a better read?

It's still largely relevant.

To expand a bit for Adroc's benefit.

The difference between Counter Hack Reloaded and a book like Gray Hat Hacking or the Hacking Exposed series is that Counter Hack starts off giving you an in-depth understanding of how the basics of most things in IT work (operating system file structure, network protocols, etc.) and then starts talking about the attacks that can be done.

The other two assume the reader already has a grasp of the basics and head straight into the security stuff.

This is the reason why most people here suggest Counter Hack for complete newbies over series such as Hacking Exposed until they have a grasp of the basics.